Clickered Malware issues

Please find the attached files. Malware bytes after scanning twice would not provide the log, I assume you really need that correct?

rerunning malwarebytes to get log. Attached the 3rd log but it does not show 181 files infected like before. Also my avast alerts of changed to http:redirect.ad-feeds…

Thank you for all your help.

This should clear it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [] => [X] GroupPolicyUsers\S-1-5-21-3310639881-3946580387-4186064510-1007\User: Group Policy restriction detected <======= ATTENTION SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File BHO-x32: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> No File BHO-x32: No Name -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM-x32 - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms} CHR HKLM-x32\...\Chrome\Extension: [ohgghoahdhkjiojjjpacpaojbfbdbfoc] - C:\ProgramData\AskPartnerNetwork\Toolbar\OVO2V7SATC\CRX\ToolbarCR.crx [2014-04-04] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 2014-09-01 14:19 - 2014-09-01 14:23 - 00000000 ____D () C:\Users\GDB\AppData\Local\Idle~_~Crawler 2014-09-01 14:19 - 2014-09-01 14:19 - 00004578 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner 2014-09-01 14:16 - 2014-09-01 14:16 - 00004018 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-09-01 14:12 - 2014-09-01 19:39 - 00001332 _____ () C:\Windows\Tasks\RRQMRIG.job 2014-09-01 14:12 - 2014-09-01 14:12 - 00004350 _____ () C:\Windows\System32\Tasks\RRQMRIG 2014-09-01 14:11 - 2014-09-01 19:39 - 00001328 _____ () C:\Windows\Tasks\WKGSI.job 2014-09-01 14:11 - 2014-09-01 19:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-09-01 14:11 - 2014-09-01 14:11 - 00004346 _____ () C:\Windows\System32\Tasks\WKGSI 2014-09-01 14:11 - 2014-09-01 14:11 - 00000000 ____D () C:\Users\GDB\AppData\Local\globalUpdate 2014-09-01 04:18 - 2014-09-01 04:18 - 00002086 _____ () C:\Users\GDB\AppData\Roaming\RRQMRIG 2014-09-01 04:18 - 2014-09-01 04:18 - 00001248 _____ () C:\Users\GDB\AppData\Roaming\WKGSI 2014-08-30 13:03 - 2014-08-30 13:03 - 00000000 ____D () C:\Users\GDB\AppData\Local\{9AFB1E20-6F3C-46B5-B777-4020AAE0DDAA} 2014-08-29 10:00 - 2014-08-29 10:00 - 11487648 _____ () C:\ProgramData\SPL422D.tmp 2014-08-28 13:29 - 2014-08-28 13:29 - 11487648 _____ () C:\ProgramData\SPLDAAA.tmp 2014-09-01 15:50 - 2014-09-01 15:50 - 00000000 _____ () C:\Windows\SysWOW64\shoBB6.tmp 2014-08-17 23:31 - 2014-08-17 23:33 - 00001144 _____ () C:\Users\GDB\Desktop\Live PC Help.lnk 2014-08-17 23:24 - 2014-08-19 10:48 - 00002233 _____ () C:\Users\GDB\Desktop\Search.lnk 2014-08-17 23:24 - 2014-08-17 23:25 - 00002634 _____ () C:\Users\GDB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-08-17 23:23 - 2014-09-01 19:36 - 00000000 ____D () C:\Users\GDB\AppData\Roaming\Systweak Task: {63E81ADC-FBCC-4865-AAC8-3B344658A850} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION Task: {9035A66D-5C93-4625-830A-6C5F2F2F1E43} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {9168C458-A5B4-4B3D-BFCA-AA55D5B06DD3} - System32\Tasks\WKGSI => C:\Users\GDB\AppData\Roaming\WKGSI.exe Task: {AFAB7F4E-0863-4343-A61B-65D38C2BC381} - \ASP No Task File <==== ATTENTION Task: C:\Windows\Tasks\RRQMRIG.job => C:\Users\GDB\AppData\Roaming\RRQMRIG.exe Task: C:\Windows\Tasks\WKGSI.job => C:\Users\GDB\AppData\Roaming\WKGSI.exe EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please find the requested reports.

Thank you

How is the computer now, have the alerts ceased

The alerts have ceased since yesterday but earlier today when I opened google through chrome it gave me a similar alert but not titled clickered or anything I saw before. It was only once and have not seen it in again…does that qualify as a false positive…if I am using that term correctly.

Other than that all seems excellent and appreciate your assistance.

copied:
Infection blocked
URL hxxp://goggle.com/
Infection URL:Mal

that is a fake URL… goggle.com … correct would be google.com

VirusTotal
https://www.virustotal.com/nb/url/6e611acaa3c71d8a74e0c8e20a6762f6a1d71bbf3b7be360d2302c64eacb7322/analysis/1409779034/

IP address info
https://www.virustotal.com/nb/ip-address/66.228.52.159/information/

Norton Safe web - Web Attack: Facebook Fake Survey 9
http://safeweb.norton.com/report/show?url=goggle.com

So I don’t have to do anything seeming avast took care of it correct?

Thank you.

Otherwise known as typo-squatting. Web site is deliberately set up to take advantage of typing errors in the url address bar, or, user clicks a wrong link, perhaps in too much of a hurry, in Google or elsewhere. Always take the time to read the url closely and verify that it is the correct one. That way, you’ll know you clicked the correct one if you get redirected elsewhere, and know something is up immediately.

Only test for sure is that of time, regarding the pop-ups and infection issues.

Best to wait for the all-clear from essexboy.

How is the computer behaving now ?